Our company data protection officer can be reached at
the above address or at privacy@duravit.com.

2. The collection and storage of personal data, the type
and purpose of use

a) When visiting the website

When you visit our website, the browser on your device
automatically sends information to the server on our website. This information
is temporarily stored in a so-called log file. The following information is
recorded without action on your part and stored until it is automatically
deleted:

·
Name of the file being accessed

·
Date and time of access

·
Volume of data transmitted

·
Log indicating whether access was successful

·
Description of the type of web browser used

·
Operating system used

·
Page previously visited

·
Provider

·
Your IP address

We process this data for the following reasons:

·
To ensure a smooth connection of the website

·
To ensure comfortable use of our website

·
To evaluate system security and stability and

·
For other administrative purposes.

The lawful basis for processing data is
Art. 6(1)(f) GDPR. Our legitimate interest follows from the reasons for
data collection listed above. Under no circumstances will we use the data
collected to draw any conclusions regarding you.

We also use cookies and analysis / marketing services
when you visit our website. You will find more detailed information on this
under sections 4 - 6 of this data privacy statement.

b) E-newsletter

If you have
subscribed to our e-newsletter, we will process the personal data you have
provided us with to keep you up-to-date on what's new at Duravit AG.

You agree to us sending you newsletters regularly by e-mail to the specified
e-mail address. Regarding the e-newsletter, we check beforehand that you are
the owner of the e-mail address provided or that the owner agrees to receive
the newsletter.

We will process the data on the basis of your consent
in accordance with Art. 6(1)(a) GDPR.

You can revoke your consent to us processing your data
at any time via the unsubscribe link in each e-mail, or by sending an e-mail to
the mailbox privacy@duravit.com.

c) Contact
forms

If you have any
questions, you can contact us using the contact form provided on our website.
You will need to provide your name, e-mail address and a message in order to
receive a reply.
Further information is provided
voluntarily.

We will process data provided for the purpose of us
establishing contact on the basis of your specific request in accordance with
Art. 6(1)(a) GDPR.

d) User account

On our website you can choose to register a user
account.

Your name, address and e-mail address are required for
registration. Further information is provided voluntarily.

A user account offers the following features:

· Planning directory

· Download basket

· Reminder list and

· Data overview

The data will be processed on the basis of your
specific request in accordance with Art. 6(1)(b) GDPR. Your data will not be
used or passed on in any other way.

e) Applicant details

We process personal data about you for the purpose of your application for employment, insofar as this is necessary for the decision to establish an employment relationship with us. The legal basis for this is Section 26 (1) in conjunction with (8), Sentence 2 of the German Data Protection Act (BDSG).

We process data in connection with your application. This may include general information about you (such as your name, address and contact particulars), information about your professional qualifications and educational training, information about professional training or other information you provide us in connection with your application. We may also process job-related information you have made publicly available, such as a profile on career-related social media networks.

Should an employment relationship result from your application, we may process the personal data already received from you for the purposes of the employment relationship in accordance with Section 26 (1) BDSG if this is necessary for the execution or termination of the employment relationship, or for exercising or fulfilling the rights and obligations of representation of employees’ interests as arising out of a works or service agreement (collective agreement).

3. Data disclosure

Your personal data will not be transferred to third
parties for purposes other than those listed below.

We will only pass on your personal data to third
parties if:

·
You have given your explicit consent to this pursuant
to Art. 6(1)(a) GDPR,

·
Disclosure is required pursuant to Art. 6(1)(f) GDPR
and there is no reason to assume that you have an overriding interest worthy of
protection in not disclosing your data,

·
A legal obligation exists in accordance with Art.
6(1)(c) GDPR, or

·
It is legally permissible and necessary for the
handling of the contractual relationship with you pursuant to Art. 6(1)(b)
GDPR.

4. Cookies

We use so-called
cookies in some areas of our website. These elements allow your computer to be
identified as a technical device when you visit our website and facilitate
using our services - particularly during follow-up visits.

However, in general,
you also have the option to set your Internet browser so that you are informed
of cookies so that you can accept or refuse them or delete existing cookies.

Please use the help
feature of your Internet browser for information on how to change these
settings. Please note that some features of our website may not work if you
disable the use of cookies.

Cookies do not allow a
server to read private data from your computer or data stored on another
server. They will do no damage to your computer and do not contain viruses.

Art. 6(1)(f) GDPR
serves as the lawful basis for the use of cookies: processing takes place to
improve the functioning of our website. It is therefore necessary to protect
our legitimate interests.

Google Analytics uses so-called
“cookies” – text files that are stored on your computer to allow an analysis of
your use of the website. The information about your use of the website
generated by the cookie is usually sent to a Google server in the USA, where it
is saved. However, in the event that IP anonymization is activated on this
website, Google will abbreviate your IP address in advance within member states
of the European Union or in other countries within the European Economic Area
that are party to the agreement. Only in exceptional cases is the full IP
address sent to a Google server in the USA and abbreviated there. Google will
use this information on our behalf to analyze your use of the website, compile
reports on website activity and provide us with other services relating to
website and Internet use. The IP address provided by your browser for Google
Analytics purposes is not merged with other data held by Google. You can
prevent cookies from being stored by using the appropriate setting in your
browser; however we would like to point out that if you block cookies it may
mean that you are unable to benefit from the full range of functions offered by
this website. You can also prevent collection of data generated by the cookie
in reference to your website usage (including your IP address) by Google, and
processing of this data by Google, by downloading the browser plug-in from the
following link (http://tools.google.com/dlpage/gaoptout?hl=de) and
installing it.

Please note that to ensure anonymous
logging of IP addresses (so-called IP masking), on this website Google
Analytics has been extended with the code ‘gat._anonymizeIp()’.

You can also prevent the collection
of your data by Google Analytics by clicking on the following link. An opt-out
cookie will then be set which prevents further collection of your data when you
visit this website. This is particularly recommended when accessing our site
via mobile devices.

Art. 6(1)(f) GDPR serves as the lawful basis for the
use of the aforementioned analysis tool: the processing takes place for
the analysis of the usage behaviour and is therefore necessary to protect our
legitimate interests.

Google marketing services use
cookies that are stored on your computer and allow us to target ads for and on
our site to show users only ads that may be of interest to them. If, for
example, you should see ads for products for which you have shown an interest
on other websites, this is referred to as "remarketing". To this end,
when our and other websites on which Google marketing services are active are
called up, a Google code is executed directly by Google and so-called
(re)marketing tags are integrated into the website.

The
information about your use of the website generated by the cookie or tags is
usually sent to a Google server in the USA, where it is saved. However, due to
the activation of IP anonymization on this website, Google will abbreviate your
IP address in advance within member states of the European Union or in other
countries within the European Economic Area that are party to the agreement. User data is
therefore processed within the context of Google marketing services in
pseudonymized form; i.e. Google does not, for example, store and process the
names or e-mail addresses of users, but rather the relevant cookie-related data
within pseudonymous user profiles. This means that, from Google's point of
view, the ads are not managed and displayed for a specifically identified
person, but rather for the cookie holder, regardless of who this cookie holder
is.
This does not apply if a user has
expressly allowed Google to process the data without pseudonymization. The
information collected by Google marketing services about users is transmitted
to Google and stored on Google's servers in the United States.

One
of the Google marketing services we use is the online advertising program
"Google AdWords". In the case of Google AdWords, each AdWords
customer receives a different "conversion cookie". Cookies cannot
therefore be traced through the websites of AdWords customers. The information
collected by the cookie is used to generate conversion statistics for AdWords
customers who have opted for conversion tracking. AdWords customers see the total
number of users who clicked on their ad and were redirected to a page with a
conversion tracking tag. However, they do not receive any information that
personally identifies users.

We can use the Google marketing
service "DoubleClick" to integrate third-party advertisements.
DoubleClick uses cookies to enable Google and its partner websites to place ads
based on users' visits to this and other websites on the Internet.

We can also use the "Google Tag
Manager" to integrate and manage Google analysis and marketing services
within our website.

If you wish to opt out of
interest-based advertising through Google marketing services, you can use the
setting and opt-out options provided by Google: http://www.google.com/ads/preferences.

Art. 6(1)(a) GDPR serves as the lawful basis for the use of the
aforementioned marketing service.

7. Use of YouTube videos

We use video components from YouTube. YouTube is an Internet video portal that allows registered users to post video clips and other users to view, rate and comment on them free of charge.YouTube is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

Each time you call up a page on which a YouTube component (YouTube player) is integrated, the Internet browser on your computer is automatically prompted to download a display of the corresponding YouTube component from YouTube. You can find more information on YouTube at https://www.youtube.com/yt/about/de/ As part of this process, YouTube and Google are informed about which specific sub-page of our website you are visiting.

If you are logged in to YouTube at the same time, YouTube recognizes which specific sub-page of our website you are visiting when you call up a sub-page containing a YouTube video. This information is collected by YouTube and Google and assigned to your YouTube account.

YouTube and Google receive information via the YouTube component that you have visited our website whenever you are logged in to YouTube at the same time as visiting our website, regardless of whether you click on a YouTube video or not. If you do not want this information to be transmitted to YouTube and Google, you can prevent its transfer by logging out of your YouTube account before visiting our website.You can also prevent an automatic connection being established at any time by choosing the appropriate settings in your Internet browser; our site can then still be used – even if you cannot watch videos.

The data protection regulations published by YouTube, which are to be found at https://www.google.de/intl/de/policies/privacy/, provide information about how personal data are collected, processed and used by YouTube and Google.

We do not store any personal data within YouTube. Personal data are not transmitted to other recipients.

Art. 6(1)(f) GDPR serves as the lawful basis for the use of the above-mentioned analysis tool: processing takes place for the purposes of the demand-oriented design of our website.

8.
Storage period

a) General data

Data stored by us will be deleted as
soon as you revoke any consent or if the data is no longer required for its
intended use and the deletion is not contrary to any legitimate interests or
lawful storage obligations.

If the data cannot be deleted
because it is needed for other, lawfully permissible purposes, its processing
is restricted. This means that the data is blocked and will not be processed
for other purposes. This applies, for example, to user data that must be
retained for commercial or tax reasons.

In accordance with legal
requirements, the data is stored for 6 years in accordance with § 257 (1) HGB
(e.g. commercial letters, accounting records, etc.) and for 10 years in
accordance with § 147 (1) AO (e.g. commercial and business letters, tax-related
documents).

b) Applicant details

We store your personal data for as long as it is necessary to make a decision about your application. If your application does not result in an employment relationship, we may continue to store your data, insofar as this is necessary to defend against possible legal claims. The application documents will be deleted six months after notification of the rejection decision, unless a longer storage period is required as a result of legal disputes.

9. Rights of the data subject

You have the following
rights:

a. Right of access

You have the right to request confirmation from us as
to whether personal data concerning you is being processed.

You have the right to receive personal data concerning
you, with which you have provided us, in a structured, commonly used and
machine-readable format and the right to transmit this data to another
controller.

d. Cancellation rights

You have the right to revoke your consent at any time.
The withdrawal of consent shall not affect the lawfulness of processing based
on consent before its withdrawal.

e. Right to object

If the processing of personal data concerning you is
necessary for the performance of a task which is in the public interest (Art. 6
para. 1 (e) GDPR) or for the protection of our legitimate interests (Art. 6
para. 1 (f) GDPR), you have a right to object.

f.
Right to lodge a
complaint

If you believe that the processing of personal data
concerning you violates the GDPR, you have the right to lodge a complaint to a
supervisory authority, without prejudice to any other remedies.

10. Changes to the data privacy statement

We reserve the right to adapt this
data privacy statement in the event of any changes to the legal situation, our
services and data processing. However, this only applies with regard to
statements on data processing. If user consents are required or sections of the
data privacy statement contain provisions on the contractual relationship with
users, the changes will only be made with the users' consent.